Fix potential buffer overflow in macro primitive execution

Use dynamic buffer, we know the needed size here...
author: Panu Matilainen <pmatilai@redhat.com> 2007-08-27 09:55:42 +0300
committer: Panu Matilainen <pmatilai@redhat.com> 2007-08-27 09:55:42 +0300
commit: 40d25ee3ea29768f828d71a99f845792c46a2be0 (patch)
tree: 0f3a33e2129ec60ff78d5d7c630d64507c7cf508 /rpmio/macro.c
parent: ad7c8e98c9285fd100d0386e37ede8f2ba71f441 (diff)
download: rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.tar.gz
rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.tar.bz2
rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/rpmio/macro.c b/rpmio/macro.c
index 6dc173f17..b5363ef00 100644
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -1111,10 +1111,11 @@ doFoo(MacroBuf mb, int negate, const char * f, size_t fn,
 	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
 	/*@modifies mb, rpmGlobalMacroContext, fileSystem, internalState @*/
 {
-    char buf[BUFSIZ], *b = NULL, *be;
+    char *buf, *b = NULL, *be;
     int c;
 
-    buf[0] = '\0';
+    buf = alloca(gn + 1);
+    memset(buf, 0, gn + 1);
     if (g != NULL) {
 	strncpy(buf, g, gn);
 	buf[gn] = '\0';
author	Panu Matilainen <pmatilai@redhat.com>	2007-08-27 09:55:42 +0300
committer	Panu Matilainen <pmatilai@redhat.com>	2007-08-27 09:55:42 +0300
commit	40d25ee3ea29768f828d71a99f845792c46a2be0 (patch)
tree	0f3a33e2129ec60ff78d5d7c630d64507c7cf508 /rpmio/macro.c
parent	ad7c8e98c9285fd100d0386e37ede8f2ba71f441 (diff)
download	rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.tar.gz rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.tar.bz2 rpm-40d25ee3ea29768f828d71a99f845792c46a2be0.zip